To apply the same security permissions to databases and logins previously created using Windows Azure Pack, system administrators can use this script to provide the updated security and similar functionality provided by Windows Azure Pack prior to Update Release 3.

Warning

Before running the script, read this guidance:

If you are running Windows Azure Pack Update Release 3 or later, new database logins are not created with database owner set of permissions.

If you are running Windows Azure Pack Update Release 3 or later, and are using it to manage instances of SQL Server 2012 or later, with Contained Database Authentication enabled, contained databases are created by default, which provides better user isolation between deployed databases.

If you are running SQL Server 2012 or later, we recommend running the script with MigrateTo Contained flag turned on. If this flag is not specified, all database names on the hosting server will be visible to all tenants who are not using Contained Databases Authentication (tenants with databases which specify Containment = None)

When running a version of SQL Server prior to 2012, contained database authentication is not supported and tenants will see all database names deployed on the same SQL Server instance, including databases deployed by other tenants, but they can’t access any data that they do not own.